PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free
download.
Enterprise Records
Management Systems
Copyright 2022, Faulkner Information
Services. All Rights Reserved.
Docid: 00011150
Publication Date: 2207
Report Type: TUTORIAL
Preview
The term Enterprise Records Management System (ERMS) refers to software for
providing systematic, orderly administration of information
throughout its lifecycle – from creation and receipt to final disposition. This
type of application also
prescribes practices for classifying, retaining, using, producing, and
protecting material. ERMS is a subset of
Enterprise Content Management (ECM) and pertains to content that satisfies the
basic definition of an enterprise record. This tutorial examines some of
the top considerations when implementing an ERMS.
Report Contents:
- Executive Summary
- Description
- Current View
- Outlook
- Recommendations
- References
- Web Links
- Related Reports
Executive Summary
[return to top of this report]
An ERMS (enterprise records management system) offers a subset of
ECM (enterprise content management) that pertains only to information that
satisfies the basic definition of an enterprise record, which can consist of data or
other information that represents or helps describe the state of an operation at one
or more specific points in time. Enterprise records are often stored and indexed in
some formal manner for later retrieval in order to address needs and issues associated
with accounting, auditing, compliance, litigation, or knowledge management.
Related Faulkner Reports |
Records Management Systems Market Trends |
Enterprise Content Management Software Market Trends |
ERMS software provides a systematic, orderly administration of
such material throughout the lifecycle: from creation/receipt to final
disposition. It also prescribes best practices for classifying, retaining,
using, producing, and protecting material. In general, enterprise records
management pertains only to information that satisfies the basic definition of
an enterprise record.
In most cases, an enterprise record is generated by the organization, making
it the item’s only official source. As such, the enterprise is responsible for
maintaining its records in accordance with its own policies and with regulatory
requirements. The need to
discharge this responsibility, therefore, makes the development and/or
investment in a reliable ERMS all the more important.
Common Features
According to Microsoft1, an enterprise records management system
necessitates elements such as:
- Content Analysis – Describes and categorizes
potential records, providing source locations and describing how content
will move to the records management application. - File Plan – Details type of record, how and
where it should be retained, applicable policies surrounding them, the
manner in which it should be disposed, and who is responsible for managing. - Compliance Requirements – Defines rules to
which IT systems must adhere to ensure compliance, in addition to
methods used to ensure the participation of enterprise team members. - Collection Methods – For records that are no longer
active. - Auditing Method – For active records.
- Record Metadata Capture Method – Including audit
and retention history. - Record Holding Process – suspends disposal
when events such as litigation occur. - Handling System – Monitors and reports
records to ensure employees continue to file, access, and manage records
according to defined policies and processes.
Pressures
Traditionally, the process of selecting an ERMS software solution includes a close – almost
exhaustive – examination of enterprise requirements, from costs to continuity to
compliance. Figure 1 outlines the major business pressures that enterprise
officials must consider in weighing various software options.
Figure 1. Pressures Affecting the ERMS Selection Process
Source: HP
(archived via Records.com)
ERMS Software Options
Companies that offer ERMS options include:
- OpenText Records Management — purchased Dell EMC’s Enterprise Content
division - Micro Focus Content Manager and Content Manager Select
- IBM Records Manager
- Microsoft 365 Records Management
- Oracle WebCenter Content
Description
[return to top of this report]
An ERM (enterprise records management) system
affords an organization several benefits, among them improved:
- Information Access – For developing more targeted sales campaigns
- Legal, Regulatory, and Audit Compliance – Supporting
e-discovery-based records-on-demand - Cost reduction – Cuts cost associated with storing records by eliminating redundant
or overlapping records repositories, then retrieving them by mapping
their precise location
Figure 2 looks at the necessities in selecting an ERMS, as dictated by the
International Standards of Records Management ISO 15489.2
Figure 2. ERMS Necessities
Source: HP (archived via Records.com)
Current View
[return to top of this report]
ERMS Drivers
A survey conducted by Forrester Research3 in collaboration with ARMA
International identified three primary factors driving the adoption of ERM:
- Regulatory Requirements and E-Discovery – Enterprise
executives consistently rank regulatory compliance among their top business
management concerns - Content and Application Types – Cloud-based, social,
Web-based, and mobile sources of content - Rise of SharePoint – Enterprise adoption continues to
grow
ERMS Standards
As with all enterprise disciplines, ERM is traditionally governed by international standards. Today, the principal international records
management standard is the International Organization for Standardization
(ISO) 15489: Information and documentation – Records
management. Published in 2001, ISO 15489 emphasizes the management
of both paper and electronic records (including forms like e-mail).4
Table 1 takes a look at the ISO 15489 document.
Part |
Description |
---|---|
Part 1: General |
Provides a high-level framework for record-keeping. Addresses the benefits of records management,
Discusses high-level records management requirements, the design of
Discusses records-management audit operations and training requirements for all staff of an organization. |
Part 2: Guidelines
|
Provides practical and more detailed guidance about
Provides practical guidance about the development
Discusses the use of these tools to capture, Provides specific assessment regarding the |
In 2017, the ISO released its latest update to the ISO/TC 46/SC 11. This refresh focused on
working to convert and expand the single terminology standard. Effective with this update, the title of ISO 30300 was changed to "ISO 30300:
Records management: Core concepts and vocabulary."
Outlook
[return to top of this report]
Paper Records
Even today, many vital records exist
only on paper. For example, one of the major impediments to sharing health
information – a process that promises to reduce health administration costs
and improve patient care – is paper or hardcopy-based patient files. Rendering these
files into an electronic form through document imaging or other means should be
an essential element of enterprise records management. At minimum, the
enterprise records management system should track all critical paper
records.
Mobile Records
While most enterprise records still
reside on enterprise mainframes or large central servers, an ever-growing
percentage of records are housed on hard drives, smartphones, laptops, tablets, and other
off-data center devices. The enterprise records management system should
account for enterprise records regardless of their location.
Big Data
The term “Big Data” refers
to the massive amounts of data generated on a daily basis by businesses
and consumers alike – data that cannot be processed using conventional data
analysis tools owing to its sheer volume and, in many case, its unstructured
nature. Convinced that such data holds the key to improved productivity and
profitability, enterprise planners are searching for tools capable of processing
Big Data, and information technology providers are developing better
solutions to accommodate new Big Data market opportunities. There is real value
in Big
Data,
provided next-generation tools are developed to efficiently and
economically store and process the text, audio, video, and other complex
information that surround
and pervade enterprise operations.
Enterprise planners should invest in enterprise records
management systems that are scalable enough to accommodate the explosion
of Big Data.
Laws & Regulations
Another major consideration is that records management must account for legal
and regulatory needs. Records
management regulations help improve an enterprise’s overall records management
posture. The ERMS should help enterprise
members to adhere to – and document compliance with – all relevant records statutes, including,
but not limited to:
- Securities
and Exchange Commission (SEC) Rule 17a-4 – Requires stock brokers
and dealers to retain all proof of electronic communication with clients
for at least three years, the first two years in an “accessible
place.” - Financial Industry Regulatory Authority (FINRA) Rule 3110
– a.k.a.,
the National
Association of Securities Dealers (NASD) Rule 3110 – Requires that
member firms implement a retention program for all correspondence –
including e-mails – that involves registered representatives. - Sarbanes-Oxley
Act of 2002 (SOX) – Compels CEOs and CFOs
of publicly-traded companies to attest to the accuracy of financial statements. Retaining business e-mail is considered
essential to SOX compliance. - Federal
Rules of Civil Procedure – Effective December 1, 2006, amended to establish a new form of
discoverable data called “electronically stored information” (ESI),
as well as to prescribe procedures for handling electronic evidence such
as e-mails. - National
Archives and Records Administration – Subchapter B, Parts 1234.32
and 1234.34 of the NARA Code of Federal Regulations establish the basic
rules for retaining federal electronic records, including e-mail
records. - Health
Insurance Portability and Accountability Act of 1996 (HIPAA) –
Enacted to ensure the privacy and security of health information,
particularly “electronic protected health information” (EPHI),
the HIPAA Security Rule addresses, among other concerns, the protection
of EPHI-related e-mails. - Uniting
and Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act) –
Expands the authority of US law enforcement for the stated purpose of
fighting terrorist acts in the United States and abroad, including the
interception and inspection of enterprise e-mail. - Gramm-Leach-Bliley
Act of 1999 (GLBA) – Enacted to ensure the privacy and security of
personal financial information, the GLBA Safeguards Rule incorporates
e-mail security.
Recommendations
[return to top of this report]
Prior to developing or acquiring an ERMS system, enterprise planners should
focus on the following foundation:
- Defining which enterprise content
qualifies as an enterprise record (or records). - Creating a classification scheme,
separating enterprise records into categories (like “enterprise
confidential”) according to their value (as in the case of intellectual
property) or their sensitivity (as in customer or employee records). - Assigning an owner to all enterprise
records or record types. The owners will be accountable
to the enterprise in the event any records are compromised. - Conducting enterprise records
inventory, identifying the location and classification of all
enterprise
records. This includes laptops, netbooks, PDAs, CDs, Flash drives,
smartphones, tablets, ultrabooks, and other non-central data stores. - Performing a separate inventory for
paper or hard-copy records, which are often overlooked, especially by IT
staff. - Consulting with general counsel to
determine any legal or regulatory obligations relative to enterprise
records, in addition to establishing a separate classification for records
that might be
subject to e-discovery orders. - Evaluating enterprise security
infrastructure to ascertain whether any records are at risk,
whether because they are lost, stolen, modified in an unauthorized manner, destroyed, or
misappropriated. - Affecting new or improved security measures as appropriate.
- Estimating the capacity/performance impact of Big Data initiatives.
- Cooperating with IT officials to understand the effects of server
and storage
virtualization initiatives on enterprise records management requirements. - Fashioning an ERMS Requirements list, detailing how a prospective
system should
function. - Using ERMS Requirements as
a basis for developing a system, or as
specifications for purchasing an ERMS. - Developing policy, in concert with acquiring an ERMS, to govern
the use of ERMS within the context of an Enterprise Records Management
Program. - Creating a policy for managing non-record enterprise data, with
an emphasis on minimizing such data. - Rationalizing policy and associated practices with the Enterprise
Records Management Policy. - Reviewing the Enterprise Records Management Policy and other
data/information management policies on an annual basis to ensure
continued relevance and effectiveness.
Information Governance
Even though enterprise records management is a subset of ECM, some
enterprises choose not to practice both disciplines. In some cases, records
management can be fully integrated into ECM or, conversely, ECM operations can
be integrated into it. In other cases, an enterprise may eschew
the two disciplines in favor of legacy models such as “information
management”
or “data management.”
References
[return to top of this report]
- 1 “What Is Records Management?” Microsoft TechNet. February 26, 2009.
- 2 “ISO 15489-1: 2016 (Records management).” International Organization for Standardization. April 2016.
- 3 Hill, Brian. “Forrester Research/ARMA International Survey: RM Tech Deployment Still a Rough Road.” Forrester Research. September-October 2011.
- 4 Bradley, Martin. “ISO 15489: A Practical Guide.” eGov Monitor. June 16, 2005.
Web Links
[return to top of this report]
- AIIM: http://www.aiim.org/
- ARMA International: http://www.arma.org/
- ASIS International: http://www.asisonline.org/
- IBM: http://www.ibm.com/
- International Organization for Standardization: http://www.iso.org/
- Micro Focus:
http://www.microfocus.com/ - Microsoft: http://www.microsoft.com/
- OpenText: http://www.opentext.com/
- Oracle: http://www.oracle.com/
[return to top of this report]